[Mikrotik] Use SSH to execute commands (DSA key login)

#1
Information 
Since RouterOS 2.9.13 support for SSH DSA keys and passing commands via ssh has been available. This allows you to run scripts from a remote machine against RouterOS without too much trouble anymore.
Example commands below are using FreeBSD - should be similar on other platforms.
You first need to create a key using ssh-keygen.

Code:
%ssh-keygen -t dsa

This creates a DSA key pair that is compatible with Mikrotik.

Code:
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
f0:d0:xx:ee:07:xx:bb:a8:xx:9e:e1:fe:77:48:xx:xx user@vp6.example.com


Make sure to leave the passphrase blank if you are going to be using this key in automated scripts. You do not want to be prompted for a password. Just make sure you keep your private key private (enough said?)!

Now you can FTP your id_dsa.pub public key to the MikroTik router to prepare for import.

Code:
%ftp 10.20.1.1
Connected to 10.20.1.1.
220 mikrotik FTP server (MikroTik 2.9.16) ready
Name (10.20.1.1:user): admin
331 Password required for admin
Password:
ftp> put id_dsa.pub
226 ASCII transfer complete
ftp> exit


This uploads your public key to the router. Do not upload your private key, it is private.

Now from either Winbox or terminal mode you need to import the key. An example using terminal mode is given.

Code:
[admin@mikrotik]> user ssh-keys import file=id_dsa.pub
user: admin-ssh

The user field above determines which user account will be logged in when you pass the key. For security reasons you should never use the 'admin' account (you knew that right?). Create a separate user account.

Now that you've created a key pair and imported the public key into RouterOS you can start running commands from your remote machine.

Escaping shell special characters

To execute a simple command with ssh, you have to enclose the command in quotes so that the shell treats it as a single command parameter. If you use double quotes, then you have to escape every double quote inside them with a backslash \.

Code:
%ssh -l admin-ssh -i /home/user/.ssh/id_dsa 10.20.1.1 ":put \"hello\""

Another special character that needs escaping is the dollar sign $, because shells such as bash or sh use it for variable handling.

Code:
%ssh -l admin-ssh -i /home/user/.ssh/id_dsa 10.20.1.1 ":for i from=1 to=10 do={:put \$i}"

All other special characters that the shell evaluates also have to be escaped.

Examples
Code:
%ssh -l admin-ssh -i /home/user/.ssh/id_dsa 10.20.1.1 "/system gps monitor"
 date-and-time: mar/18/2006 08:30:39
     longitude: "W 117 00' 00''"
      latitude: "N 33 0' 00''"
      altitude: "200.199997m"
         speed: "0.185200 km/h"
         valid: yes

Code:
%ssh -l admin-ssh -i /home/user/.ssh/id_dsa 10.20.1.1 "/routing bgp peer print status"
Flags: X - disabled
0   remote-address=xxx.xxx.129.196 remote-as=65333 multihop=yes
    in-filter=cymru-in out-filter=cymru-out route-reflect=no hold-time=3m
    ttl=60 tcp-md5-key="" remote-id=xxx.xxx.129.196 remote-hold-time=3h
    used-hold-time=3m used-keepalive-time=1m state=established
    uptime=1w1d10h54m55s prefix-count=68 refresh-capability=yes

Code:
%ssh -l admin-ssh -i /home/user/.ssh/id_dsa 10.20.1.1 "/ip firewall connection print count-only"
66566

 -API
 -API PHP class
 -Using SSH for system backup
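Added example, not part of the original post: the escaping rules from the post as a small POSIX sh wrapper. It shows that single quotes on the local side remove the need for backslashes, and it adds a router-side quoting step for values placed inside a command. The helper names (ros_str, ros_put_cmd, ros_exec, ros_last_arg, ros_preview) and the ROS_SSH override are hypothetical, and the \\ \" \$ escapes inside RouterOS strings are an assumption about the RouterOS console that the post does not state.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names and the ROS_SSH
# override are hypothetical; user, key path and address are the post's values.
ROS_SSH=${ROS_SSH:-ssh}
ROS_USER=admin-ssh
ROS_KEY=/home/user/.ssh/id_dsa
ROS_HOST=10.20.1.1

# Single quotes stop the local shell from touching " and $, so the post's
# two commands need no backslashes at all.
CMD_PUT=':put "hello"'
CMD_LOOP=':for i from=1 to=10 do={:put $i}'

# ros_str VALUE: emit VALUE as a RouterOS double-quoted string. Assumption:
# the RouterOS console takes \\ \" and \$ as escapes inside "...".
ros_str() {
    printf '"%s"' "$(printf '%s' "$1" | sed -e 's/[\\"$]/\\&/g')"
}

# ros_put_cmd VALUE: build a :put command that prints VALUE literally, even
# if VALUE holds quotes or dollar signs (the second, router-side layer).
ros_put_cmd() {
    printf ':put %s' "$(ros_str "$1")"
}

# ros_exec COMMAND: run one command on the router. "$1" is expanded once and
# passed as a single argument; BatchMode makes a missing key fail instead of
# prompting, IdentitiesOnly offers only the key named by -i.
ros_exec() {
    "$ROS_SSH" -o BatchMode=yes -o IdentitiesOnly=yes \
        -l "$ROS_USER" -i "$ROS_KEY" "$ROS_HOST" "$1"
}

# ros_last_arg: stand-in for ssh that prints only its final argument, which
# is the command string the router would receive.
ros_last_arg() {
    for a in "$@"; do last=$a; done
    printf '%s\n' "$last"
}

# ros_preview COMMAND: show what ros_exec would send, without connecting.
ros_preview() (
    ROS_SSH=ros_last_arg
    ros_exec "$1"
)
```

Running ros_preview "$CMD_LOOP" prints the exact string the router would receive, so the quoting can be checked before anything is sent.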